cli: handle passwords securely
This commit is contained in:
parent
e87d21d396
commit
3f98449ce0
3 changed files with 55 additions and 8 deletions
|
@ -49,15 +49,10 @@ func readLine(trm *term.Terminal, prompt string) (string, error) {
|
|||
// ReadPassword reads the user's password with prompt.
|
||||
func ReadPassword(prompt string) (string, error) {
|
||||
trm := Terminal
|
||||
if trm == nil {
|
||||
s, err := term.MakeRaw(int(syscall.Stdin))
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
defer func() { _ = term.Restore(int(syscall.Stdin), s) }()
|
||||
trm = term.NewTerminal(ReadWriter{os.Stdin, os.Stdout}, prompt)
|
||||
if trm != nil {
|
||||
return trm.ReadPassword(prompt)
|
||||
}
|
||||
return trm.ReadPassword(prompt)
|
||||
return readSecurePassword(prompt)
|
||||
}
|
||||
|
||||
// ConfirmTx asks for a confirmation to send the tx.
|
||||
|
|
30
cli/input/readpass_unix.go
Normal file
30
cli/input/readpass_unix.go
Normal file
|
@ -0,0 +1,30 @@
|
|||
//go:build !windows
|
||||
// +build !windows
|
||||
|
||||
package input
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"golang.org/x/term"
|
||||
)
|
||||
|
||||
// readSecurePassword reads the user's password with prompt directly from /dev/tty.
|
||||
func readSecurePassword(prompt string) (string, error) {
|
||||
f, err := os.OpenFile("/dev/tty", os.O_RDWR, 0)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
defer f.Close()
|
||||
_, err = f.WriteString(prompt)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
pass, err := term.ReadPassword(int(f.Fd()))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to read password: %w", err)
|
||||
}
|
||||
_, err = f.WriteString("\n")
|
||||
return string(pass), err
|
||||
}
|
22
cli/input/readpass_windows.go
Normal file
22
cli/input/readpass_windows.go
Normal file
|
@ -0,0 +1,22 @@
|
|||
//go:build windows
|
||||
// +build windows
|
||||
|
||||
package input
|
||||
|
||||
import (
|
||||
"os"
|
||||
"syscall"
|
||||
|
||||
"golang.org/x/term"
|
||||
)
|
||||
|
||||
// readSecurePassword reads the user's password with prompt.
|
||||
func readSecurePassword(prompt string) (string, error) {
|
||||
s, err := term.MakeRaw(int(syscall.Stdin))
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
defer func() { _ = term.Restore(int(syscall.Stdin), s) }()
|
||||
trm := term.NewTerminal(ReadWriter{os.Stdin, os.Stdout}, prompt)
|
||||
return trm.ReadPassword(prompt)
|
||||
}
|
Loading…
Reference in a new issue